[Bug c/105356] New: Segfault in compiled program caused by premature ternary clause evaluation
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105356

Bug ID: 105356
Summary: Segfault in compiled program caused by premature ternary clause evaluation
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: junk at sigpwr dot com
Target Milestone: ---

Created attachment 52854
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52854&action=edit
.i file for poc

Seeing a segfault in what I believe to be valid C, related to premature evaluation of one of the branches of a ternary expression. Works on GCC8, fails on GCC9+.

Godbolt version: https://godbolt.org/z/1sTG67n8W

Works on:
8.5

Segfaults on:
9.4
10.3
11.2
trunk

$ x86_64-unknown-linux-gnu-gcc -v
Using built-in specs.
COLLECT_GCC=/home/danielnelson/x-tools/x86_64-unknown-linux-gnu/bin/x86_64-unknown-linux-gnu-gcc
COLLECT_LTO_WRAPPER=/home/danielnelson/x-tools/x86_64-unknown-linux-gnu/libexec/gcc/x86_64-unknown-linux-gnu/11.2.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: /home/danielnelson/toolchain_ng/x86_new/.build/x86_64-unknown-linux-gnu/src/gcc/configure --build=x86_64-build_pc-linux-gnu --host=x86_64-build_pc-linux-gnu --target=x86_64-unknown-linux-gnu --prefix=/home/danielnelson/x-tools/x86_64-unknown-linux-gnu --exec_prefix=/home/danielnelson/x-tools/x86_64-unknown-linux-gnu --with-sysroot=/home/danielnelson/x-tools/x86_64-unknown-linux-gnu/x86_64-unknown-linux-gnu/sysroot --enable-languages=c,c++,fortran,go --with-pkgversion='crosstool-NG 1.25.0_rc1' --enable-__cxa_atexit --enable-libmudflap --disable-libgomp --enable-libssp --enable-libquadmath --enable-libquadmath-support --disable-libsanitizer --enable-libmpx --disable-libstdcxx-verbose --with-gmp=/home/danielnelson/toolchain_ng/x86_new/.build/x86_64-unknown-linux-gnu/buildtools --with-mpfr=/home/danielnelson/toolchain_ng/x86_new/.build/x86_64-unknown-linux-gnu/buildtools --with-mpc=/home/danielnelson/toolchain_ng/x86_new/.build/x86_64-unknown-linux-gnu/buildtools --with-isl=/home/danielnelson/toolchain_ng/x86_new/.build/x86_64-unknown-linux-gnu/buildtools --disable-lto --without-zstd --enable-threads=posix --enable-target-optspace --disable-plugin --disable-nls --with-system-zlib --disable-multilib --with-local-prefix=/home/danielnelson/x-tools/x86_64-unknown-linux-gnu/x86_64-unknown-linux-gnu/sysroot --enable-long-long
Thread model: posix
Supported LTO compression algorithms: zlib
gcc version 11.2.0 (crosstool-NG 1.25.0_rc1)

Command line:
x86_64-unknown-linux-gnu-gcc --sysroot=/home/danielnelson/x-tools/x86_64-unknown-linux-gnu/x86_64-unknown-linux-gnu/sysroot -O2 -static --save-temps -o test poc.c

No errors in GCC output.

C file contents:

typedef long unsigned int size_t;

struct hmap_node {
    size_t hash;
    struct hmap_node *next;
};

struct hmap {
    struct hmap_node **buckets;
    struct hmap_node *one;
    size_t mask;
    size_t n;
};

struct parent {
    char *name;
    struct hmap children;
};

struct child {
    char *name;
    struct hmap_node hmap_node;
};

static inline struct hmap_node *
hmap_next__(const struct hmap *hmap, size_t start)
{
    size_t i;
    for (i = start; i <= hmap->mask; i++) {
        struct hmap_node *node = hmap->buckets[i];
        if (node) {
            return node;
        }
    }
    return ((void *)0);
}

static inline struct hmap_node *
hmap_first(const struct hmap *hmap)
{
    return hmap_next__(hmap, 0);
}

static inline struct hmap_node *
hmap_next(const struct hmap *hmap, const struct hmap_node *node)
{
    return (node->next
            ? node->next
            : hmap_next__(hmap, (node->hash & hmap->mask) + 1));
}

void
parent_set_children(struct parent *prnt)
{
    struct child *child, *next_child;
    size_t i;
    for (((child) = ((typeof(child)) (void *) ((char *) (hmap_first(&prnt->children)) - __builtin_offsetof ( typeof(*(child)) , hmap_node))), 1);
         (&(child)->hmap_node != ((void *)0)
          ? ((next_child) = ((typeof(next_child)) (void *) ((char *) (hmap_next(&prnt->children, &(child)->hmap_node)) - __builtin_offsetof ( typeof(*(next_child)) , hmap_node))), 1)
          : 0);
         (child) = (next_child)) {
        asm volatile("nop\r\n");
    }
}

struct parent m;

int
main(int argc, char** argv)
{
    m.name = "foo";
    m.children.buckets = &m.children.one;
    parent_set_children(&m);
    return 0;
}
[Bug c++/104507] New: internal compiler error: unexpected expression ‘(int)(__ret)’ of kind cast_expr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104507

Bug ID: 104507
Summary: internal compiler error: unexpected expression ‘(int)(__ret)’ of kind cast_expr
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: junk at sigpwr dot com
Target Milestone: ---

Created attachment 52423
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52423&action=edit
repro ii file

Observed on multiple builds of GCC 11.2 (originally on a couple cross-compilers, then reproduced on debian)

GCC details:

COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/11/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none:amdgcn-amdhsa
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 11.2.0-14' --with-bugurl=file:///usr/share/doc/gcc-11/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc-major-version-only --program-suffix=-11 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --enable-default-pie --with-system-zlib --enable-libphobos-checking=release --with-target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable-werror --enable-cet --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none=/build/gcc-11-lKfaJs/gcc-11-11.2.0/debian/tmp-nvptx/usr,amdgcn-amdhsa=/build/gcc-11-lKfaJs/gcc-11-11.2.0/debian/tmp-gcn/usr --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-build-config=bootstrap-lto-lean --enable-link-serialization=8
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.2.0 (Debian 11.2.0-14)

Command line to reproduce:
gcc -save-temps repro.cc -c -o repro.o

repro.cc: In function ‘int DoFoo()’:
repro.cc:11:89: internal compiler error: unexpected expression ‘(int)(__ret)’ of kind cast_expr
   11 |     const char *n = s_errmsg(__ret);
      | ^
0x7fce4df477ec __libc_start_main
        ../csu/libc-start.c:332
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See for instructions.

Contents of repro.cc (.ii file attached):

#define ERR_MAX -20
#define s_errmsg(r) \
    _k_errmsg[(((int)r) <= 0 && ((int)r) > ERR_MAX) ? -(r) : -ERR_MAX]

extern const char *_k_errmsg[];

template
inline int DoFoo()
{
    int __ret = 0;
    const char *n = s_errmsg(__ret);
    return __ret;
}
[Bug c++/104507] [10/11 Regression] internal compiler error: unexpected expression ‘(int)(__ret)’ of kind cast_expr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104507

--- Comment #2 from Daniel Nelson ---
Had a few moments to do some testing/bisecting, and found the commit that fixed this in mainline.

commit 9927ecbb42d5be48fa933adc26f8601fab5007ca
Author: Patrick Palka
Date: Thu Oct 28 10:05:14 2021 -0400

    c++: quadratic constexpr behavior for left-assoc logical exprs [PR102780]

    In the testcase below the two left fold expressions each expand into a
    constant logical expression with 1024 terms, for which potential_const_expr
    takes more than a minute to return true. This happens because p_c_e_1
    performs trial evaluation of the first operand of a &&/|| in order to
    determine whether to consider the potentiality of the second operand.
    And because the expanded expression is left-associated, this trial
    evaluation causes p_c_e_1 to be quadratic in the number of terms of the
    expression.

    This patch fixes this quadratic behavior by making p_c_e_1 preemptively
    compute potentiality of the second operand of a &&/||, and perform trial
    evaluation of the first operand only if the second operand isn't
    potentially constant. We must be careful to avoid emitting bogus
    diagnostics during the preemptive computation; to that end, we perform
    this shortcut only when tf_error is cleared, and when tf_error is set we
    now first check potentiality of the whole expression quietly and replay
    the check noisily for diagnostics.

    Apart from fixing the quadraticness for left-associated logical exprs,
    this change also reduces compile time for the libstdc++ testcase
    20_util/variant/87619.cc by about 15% even though our uses right folds
    instead of left folds. Likewise for the testcase in the PR, for which
    compile time is reduced by 30%. The reason for these speedups is that
    p_c_e_1 no longer performs expensive trial evaluation of each term of
    large constant logical expressions when determining their potentiality.

            PR c++/102780

    gcc/cp/ChangeLog:

            * constexpr.c (potential_constant_expression_1) : When tf_error
            isn't set, preemptively check potentiality of the second operand
            before performing trial evaluation of the first operand.
            (potential_constant_expression_1): When tf_error is set, first
            check potentiality quietly and return true if successful,
            otherwise proceed noisily to give errors.

    gcc/testsuite/ChangeLog:

            * g++.dg/cpp1z/fold13.C: New test.

 gcc/cp/constexpr.c | 26 +-
 gcc/testsuite/g++.dg/cpp1z/fold13.C | 29 +
 2 files changed, 50 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/g++.dg/cpp1z/fold13.C
[Bug c++/104507] [10/11 Regression] internal compiler error: unexpected expression ‘(int)(__ret)’ of kind cast_expr
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104507

--- Comment #4 from Daniel Nelson ---
Yeah, that was my thought as well (though I'm 99% unfamiliar with the GCC codebase).

Some more bisecting reveals that this was introduced with https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95508

ae2ebf011fec926e003645c33c07a03619ea216a is the first bad commit
commit ae2ebf011fec926e003645c33c07a03619ea216a
Author: Marek Polacek
Date: Wed Jun 17 09:19:02 2020 -0400

    c++: ICE with IMPLICIT_CONV_EXPR in array subscript [PR95508]
    ...